dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4444
share rss forum feed

chawni

join:2003-12-02
Stuart, FL

[Servers] Can't Access Internet With VPN Connection

I work from home and my employer has just required that I connect to their server thru a VPN connection. My problem is that once connected, my internet access is dead on MY computer. Is there a way I can prevent this, work around, do something to get it back? It's driving me crazy.
Thanks in advance!


shdesigns
Powered By Infinite Improbabilty Drive
Premium
join:2000-12-01
Stone Mountain, GA

1 recommendation

Talk to your employer IT department. They set up the VPN and the access policies that go with it.

chawni

join:2003-12-02
Stuart, FL
They told me I wouldnt be able to access it. Period. There has to be a way around it.

nyrrule27

join:2007-12-06
Howell, NJ
are you using your personal computer or a company supplied computer?

chawni

join:2003-12-02
Stuart, FL
I am using my personal computer. I apologize for not saying that earlier.


SoonerAl
Premium,MVM
join:2002-07-23
South Padre Island, TX
kudos:5
reply to chawni
Generally you want to direct all client traffic through the VPN tunnel. Not doing so is a potential security risk for the VPN server end of the link. This is called "split tunneling".

From Microsoft...

quote:
When a VPN client computer is connected to both the Internet and a private intranet and has routes that allow reachability to both networks, the possibility exists that a malicious Internet user might use the connected VPN client computer to reach the private intranet through the authenticated VPN connection.
This can be configured on the client side, ie. the native Windows PPTP client for example, or on the server side. It depends on the VPN your work/office is using. In your case it simply sounds like your out of luck because of company policies...

nyrrule27

join:2007-12-06
Howell, NJ
reply to chawni
Screw that. Tell the company to supply you with a computer then. If you are using your personal PC they shouldn't be locking you out of browsing the Internet.

public

join:2002-01-19
Santa Clara, CA
reply to chawni
said by chawni:

My problem is that once connected, my internet access is dead on MY computer. Is there a way I can prevent this,

Obviously not allowing split tunnel.
A possible solution is to setup two virtual machines on your pc, one for vpn and the other for browsing

chawni

join:2003-12-02
Stuart, FL
That sounds like a good idea. Do you know of any good tutorial sites like "VM for Dummies.com"?

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
reply to public
said by public:

said by chawni:

My problem is that once connected, my internet access is dead on MY computer. Is there a way I can prevent this,

Obviously not allowing split tunnel.
A possible solution is to setup two virtual machines on your pc, one for vpn and the other for browsing

sounds like more trouble for the thread starter. wouldn't this require two additional windows licenses?

@chawni, tell them to supply you with a laptop that will run their VPN software or tell them you want access to use remote desktop and connect to a machine on their network.

GroovyPhoenx

join:2006-05-22
Gloucester, ON
reply to chawni
Which software for VPN? With little details it can't help much,

However most VPN clients do offer a way to turn off the "Use default gateway" for VPN which allow you to be connected to VPN and still browse the web.

In fact in most cases you turn it off as it lightens the laod on the server to prevent them from having to run all the internet traffic.


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7

However most VPN clients do offer a way to turn off the "Use default gateway" for VPN which allow you to be connected to VPN and still browse the web.

It depends on the policy that the connecting VPN sets. They have the option to require all traffic go through the tunnel. Some administrators leave the option to the client, good administrators enforce it unless there is specific reason why it shouldn't be used.

In fact in most cases you turn it off as it lightens the laod on the server to prevent them from having to run all the internet traffic.

It lightens the load, but then it opens up the remote network being connected to intrusion. If your PC is compromised, once the VPN tunnel is established then the remote network also becomes compromised via the infected computer that is potentially being controlled from the internet.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
what is the best way to see if split tunneling is enabled when the VPN connection is made?


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
What VPN client do you use? If it's the built in Windows client, I believe the setting is in the vpn adapter settings -> TCP/IP v4 -> Advance Options -> uncheck "Use as default gateway" or something like that. If you use something like a Cisco VPN client it likely isn't permitted.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
sonicwall net extender, i have never checked in the options, but now i am curious and i am going to take a look.

AsherN
Premium
join:2010-08-23
Thornhill, ON
You mat not want to try an circumvent you IT department's security policies. That tends to be a career limiting move.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
said by AsherN:

You mat not want to try an circumvent you IT department's security policies. That tends to be a career limiting move.

i agree with AsherN.

however, the company needs to provide a company laptop to users working at home (we do....we dont want to be responsible for their personal computers).

LLigetfa

join:2006-05-15
Fort Frances, ON
kudos:1
said by tomdlgns:

...the company needs to provide a company laptop to users working at home...

The company needs only to live up to their terms of employment. The employee too, including security policies.
--
Strange as it seems, no amount of learning can cure stupidity, and formal education positively fortifies it. -- Stephen Vizinczey

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
said by LLigetfa:

said by tomdlgns:

...the company needs to provide a company laptop to users working at home...

The company needs only to live up to their terms of employment. The employee too, including security policies.

i agree, but the company shouldn't force the users to use their personal machine with the company VPN software that cripples the users personal computer when working from home.

i dont agree with that.

and the last thing i want to do is remote into a personal PC running our VPN software on it to try and troubleshoot the problem on a computer that is too old and possibly infested with viruses/spyware. doesnt make any sense to me...

LLigetfa

join:2006-05-15
Fort Frances, ON
kudos:1
We don't allow split tunnel on our VPN but then again we don't allow our employees to use their home computers to connect to our network over VPN either. Only managed company provided laptops are allowed VPN access.

We do however allow employees to use our Citrix portal to connect with their personal computers. The portal does not prevent them from accessing the internet from their home computer.
--
Strange as it seems, no amount of learning can cure stupidity, and formal education positively fortifies it. -- Stephen Vizinczey

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
said by LLigetfa:

We don't allow split tunnel on our VPN but then again we don't allow our employees to use their home computers to connect to our network over VPN either. Only managed company provided laptops are allowed VPN access.

We do however allow employees to use our Citrix portal to connect with their personal computers. The portal does not prevent them from accessing the internet from their home computer.

same with us, employees that work from home/the road have a company laptop with the VPN client installed. they can also use citrix, but save that as a backup.